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CLAIM AMENDMENTS 



1 1 . (Currently amended) A method for providing shared secret keys for communicating 

2 through a secure channel between members of a dynamically changing multicast group 

3 connected over an insecure network, the method comprising the computer-implemented 

4 steps of: 

5 computing a first shared secret key for establishing a first multicast group that includes a 

6 set of one or more first members; 

7 generating a first multicast group exchange key based on the first shared secret key; 

8 receiving a first user exchange key from a first user requesting entry into the first 

9 < multicast group; 

10 computing a second secret key kl based on the first user exchange key and the first 

1 1 shared secret ke y according to the relation kl = (Y' k mod (nV), wherein Y' 

12 represents the first user exchange key, k represents the first shared secret key, and 

13 n is a prime number selected by themembers of the multicast group and 

14 previously used to generate the first shared secret key k ; 

15 sending the first multicast group exchange key to the first user, wherein the first multicast 

16 group exchange key allows the first user to generate the second shared secret key; 

17 and 

18 establishing a second multicast group whose members include the first user and the set of 

19 one or more first members of the first multicast group, wherein the second shared 

20 secret key provides a first secure channel for communicating between members of 

21 the second multicast group over the insecure network. 

1 2. (Original) The method as recited in Claim 1, wherein the step of computing a first shared 

2 secret key includes the steps of: 

3 selecting a private non-zero random integer "x"; 

4 selecting a public non-zero integer "g"; 

5 selecting a public prime integer "n"; and 

6 computing the first shared secret key "k" according to the relation 

7 k = (g x mod (n)). 
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1 3. (Original) The method as recited in Claim 2, wherein the step of generating a first 

2 multicast group exchange key includes the step computing the first multicast group 

3 exchange key K' according to the relation 

4 K' = (g k mod (n)). 

1 4. (Currently amended) The method as recited in Claim 2, wherein 

2 the step of receiving a first user exchange key includes the step of receiving a first user 

3 exchange key value Y' computed according to the relation 

4 Y' = (g y mod(n)), 

5 wherein "y" is a private non-zero random integer selected by the first use r; and 

6 the st e p of computing a second secret key includes th e st e p computing th e s e cond secret 

7 key "kl" according to th e r e lation 

8 kl-(Y*mod (n)) . 

1 5. (Previously presented) The method as recited in Claim 2, wherein the step of sending the 

2 first multicast group exchange key to the first user further comprises the first user 

3 computing the second secret key "kl" according to the relation 

4 kl =(K ,y mod(n)), 

5 wherein "y" is a private non-zero random integer selected by the first user; and 

6 wherein K' is the first multicast group exchange key. 

1 6. (Original) The method as recited in Claim 1, wherein: 

2 the step of receiving a first user exchange key from a first user comprises the step of 

3 verifying that the first user should be allowed entry into the first multicast group; 

4 and 

5 providing the first user with the first multicast exchange key only after the first user is 

6 verified for entry into the first multicast group. 

1 7. (Original) The method as recited in Claim 1, further comprising the steps of: 

2 generating a second multicast group exchange key based on the second shared secret key; 

3 
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3 receiving a second user exchange key from a second user requesting entry into the second 

4 multicast group; 

5 computing a third secret key based on the second user exchange key and the second 

6 shared secret key; 

7 sending the second multicast group exchange key to the second user, wherein the second 

8 multicast group exchange key allows the second user to generate the third shared 

9 secret key; and 

10 establishing a third multicast group whose members include the second user and the 

1 1 members of the second multicast group, wherein the third shared secret key 

12 provides a second secure channel for communicating between members of the 

13 third multicast group over the insecure network. 

1 8. (Original) The method as recited in Claim 2, further comprising the steps of: 

2 determining that a first departing member has left the second multicast group; 

3 selecting a private multicast group non-zero random integer; 

4 generating a second multicast group exchange key based on the private multicast group 

5 non-zero random integer, the public non-zero integer "g" and the public prime 

6 integer "n"; 

7 broadcasting the second multicast group exchange key to each remaining member of the 

8 second multicast group; 

9 in response to receiving the second multicast group exchange key, each remaining 

10 member computing a third secret key based on the second multicast group 

1 1 exchange key and the second shared secret key; and 

12 establishing a third multicast group whose members include only remaining members of 

13 the second multicast group, wherein the third shared secret key provides a second 

14 secure channel for communicating between members of the third multicast group 

1 5 over the insecure network. 
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1 9. (Previously presented) The method as recited in Claim 1 , wherein the step of 

2 establishing a second multicast group requires a total of approximately N+l messages for 

3 providing the first secure channel for communicating between members of the second 

4 multicast group over the insecure network, wherein N is a number of members of the first 

5 multicast group. 

1 10. (Currently Amended) A computer-readable medium carrying one or more sequences of 

2 one or more instructions for communicating through a secure channel between members 

3 of a dynamically changing multicast group connected over an insecure network, and 

4 which instructions, when executed by one or more processors, cause the one or more 

5 processors to perform the steps of: 

6 computing a first shared secret key for establishing a first multicast group that includes a 

7 set of one or more first members; 

8 generating a first multicast group exchange key based on the first shared secret key; 

9 receiving a first user exchange key from a first user requesting entry into the first 

10 multicast group; 

1 1 computing a second secret key kl based on the first user exchange key and the first 

12 shared secret ke y according to the relation kl = (Y' k mod (n)\ wherein Y ? 

13 represents the first user exchange key, k represents the first shared secret key, and 

14 n is a prime number selected by the members of the multicast group and 

15 previously used to generate the first shared secret key k ; 

16 sending the first multicast group exchange key to the first user, wherein the first multicast 

17 group exchange key allows the first user to generate the second shared secret key; 

18 and 

19 establishing a second multicast group whose members include the first user and the set of 

20 one or more first members of the first multicast group, wherein the second shared 

21 secret key provides a first secure channel for communicating between members of 

22 the second multicast group over the insecure network. 
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1 11. (Original) The computer-readable medium as recited in Claim 10, wherein the step of 

2 computing a first shared secret key includes the steps of: 

3 selecting a private non-zero random integer "x"; 

4 selecting a public non-zero integer "g"; 

5 selecting a public prime integer "n"; and 

6 computing the first shared secret key "k" according to the relation 

7 k = (g x mod (n)). 

1 12. (Original) The computer-readable medium as recited in Claim 11, wherein the step of 

2 generating a first multicast group exchange key includes the step computing the first 

3 multicast group exchange key K' according to the relation 

4 K* = (g k mod (n)). 

1 13. (Currently Amended) The computer-readable medium as recited in Claim 1 1 , wherein 

2 the step of receiving a first user exchange key includes the step of receiving a first user 

3 exchange key value Y' computed according to the relation 

4 Y' = (g y mod(n)), 

5 wherein "y" is a private non-zero random integer selected by the first use r; and 

6 th e st e p of computing a s e cond secr e t k e y includ e s th e st e p computing the second 

7 s e cr e t k e y "kl" according to th e r e lation 

8 kl-(Y*mod (n)) . 

1 14. (Previously presented) The computer-readable medium as recited in Claim 1 1 , wherein 

2 the step of sending the first multicast group exchange key to the first user further 

3 comprises the first user computing the second secret key "kl" according to the relation 

4 kl=(K' y mod(n)), 

5 wherein "y" is a private non-zero random integer selected by the first user; and 

6 wherein K 5 is the first multicast group exchange key. 
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1 15. (Original) The computer-readable medium as recited in Claim 10, wherein: 

2 the step of receiving a first user exchange key from a first user comprises the step of 

3 verifying that the first user should be allowed entry into the first multicast group; 

4 and 

5 providing the first user with the first multicast exchange key only after the first user is 

6 verified for entry into the first multicast group. 

1 16. (Original) The computer-readable medium as recited in Claim 10, further comprising 

2 instructions for performing the steps of: 

3 generating a second multicast group exchange key based on the second shared secret key; 

4 receiving a second user exchange key from a second user requesting entry into the second 

5 multicast group; 

6 computing a third secret key based on the second user exchange key and the second 

7 shared secret key; 

8 sending the second multicast group exchange key to the second user, wherein the second 

9 multicast group exchange key allows the second user to generate the third shared 

10 secret key; and 

1 1 establishing a third multicast group whose members include the second user and the 

12 members of the second multicast group, wherein the third shared secret key 

13 provides a second secure channel for communicating between members of the 

14 third multicast group over the insecure network. 

1 17. (Original) The computer-readable medium as recited in Claim 11, further comprising 

2 instructions for performing the steps of: 

3 determining that a first departing member has left the second multicast group; 

4 selecting a private multicast group non-zero random integer; 

5 generating a second multicast group exchange key based on the private multicast group 

6 non-zero random integer, the public non-zero integer "g" and the public prime 

7 integer "n"; 

8 broadcasting the second multicast group exchange key to each remaining member of the 

9 second multicast group; 
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10 in response to receiving the second multicast group exchange key, each remaining 

1 1 member computing a third secret key based on the second multicast group 

12 exchange key and the second shared secret key; and 

13 establishing a third multicast group whose members include only remaining members of 

14 the second multicast group, wherein the third shared secret key provides a second 

1 5 secure channel for communicating between members of the third multicast group 

1 6 over the insecure network. 

1 18. (Previously presented) The computer-readable medium as recited in Claim 10, wherein 

2 the step of establishing a second multicast group requires a total of approximately N+l 

3 messages for providing the first secure channel for communicating between members of 

4 the second multicast group over the insecure network, wherein N is a number of members 

5 of the first multicast group. 

1 19. (Currently Amended) A network device configured for communicating through a secure 

2 channel between members of a dynamically changing multicast group connected over an 

3 insecure network, comprising: 

4 a network interface; 

5 a processor coupled to the network interface and receiving information from the network 

6 interface; 

7 a computer-readable medium accessible by the processor and comprising one or more 

8 sequences of instructions which, when executed by the processor, cause the 

9 processor to carry out the steps of: 

10 computing a first shared secret key for establishing a first multicast group that 

1 1 includes a set of one or more first members; 

12 generating a first multicast group exchange key based on the first shared secret 

13 key; 

14 receiving a first user exchange key from a first user requesting entry into the first 

15 multicast group; 
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16 computing a second secret key kl based on the first user exchange key and the 

1 7 first shared secret ke y according to the relation kl =(Y' k mod (n)\ 

18 wherein Y' represents the first user exchange key, k represents the first 

19 shared secret key, and n is a prime number selected by the members of the 

20 multicast group and previously used to generate the first shared secret key 

21 k; 

22 sending the first multicast group exchange key to the first user, wherein the first 

23 multicast group exchange key allows the first user to generate the second 

24 shared secret key; and 

25 establishing a second multicast group whose members include the first user and 

26 the set of one or more first members of the first multicast group, wherein 

27 the second shared secret key provides a first secure channel for 

28 communicating between members of the second multicast group over the 

29 insecure network. 

1 20. (Original) The network device as recited in Claim 19, wherein the step of computing a 

2 first shared secret key includes the steps of: 

3 selecting a private non-zero random integer "x"; 

4 selecting a public non-zero integer "g"; 

5 selecting a public prime integer "n"; and 

6 computing the first shared secret key "k" according to the relation 

7 k = (g x mod (n)). 

1 21 . (Original) The network device as recited in Claim 20, wherein the step of generating a 

2 first multicast group exchange key includes the step computing the first multicast group 

3 exchange key K' according to the relation 

4 K'=(g k mod(n)). 

1 22. (Currently Amended) The network device as recited in Claim 20, wherein 

2 the step of receiving a first user exchange key includes the step of receiving a first user 

3 exchange key value Y' computed according to the relation 

4 Y' = (g y mod(n)), 
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5 wherein "y" is a private non-zero random integer selected by the first use r; and 

6 tho step of computing a s e cond s e cr e t k e y includ e s th e st e p computing th e s e cond 

7 secret k e y "kl" according to the r e lation 

8 kl -(Y ,k mod (n)) . 

1 23. (Previously presented) The network device as recited in Claim 20, wherein the step of 

2 sending the first multicast group exchange key to the first user further comprises the first 

3 user computing the second secret key "kl" according to the relation 

4 kl=(K' y mod(n)), 

5 wherein "y" is a private non-zero random integer selected by the first user; and 

6 wherein K' is the first multicast group exchange key. 

1 24. (Original) The network device as recited in Claim 19, wherein: 

2 the step of receiving a first user exchange key from a first user comprises the step of 

3 verifying that the first user should be allowed entry into the first multicast group; 

4 and 

5 providing the first user with the first multicast exchange key only after the first user is 

6 verified for entry into the first multicast group. 

1 25. (Original) The network device as recited in Claim 19, further comprising instructions for 

2 performing the steps of: 

3 generating a second multicast group exchange key based on the second shared secret key; 

4 receiving a second user exchange key from a second user requesting entry into the second 

5 multicast group; 

6 computing a third secret key based on the second user exchange key and the second 

7 shared secret key; 

8 sending the second multicast group exchange key to the second user, wherein the second 

9 multicast group exchange key allows the second user to generate the third shared 
10 secret key; and 
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1 1 establishing a third multicast group whose members include the second user and the 

12 members of the second multicast group, wherein the third shared secret key 

13 provides a second secure channel for communicating between members of the 

14 third multicast group over the insecure network. 

1 26. (Original) The network device as recited in Claim 20, further comprising instructions for 

2 performing the steps of: 

3 determining that a first departing member has left the second multicast group; 

4 selecting a private multicast group non-zero random integer; 

5 generating a second multicast group exchange key based on the private multicast group 

6 non-zero random integer, the public non-zero integer "g" and the public prime 

7 integer "n"; 

8 broadcasting the second multicast group exchange key to each remaining member of the 

9 second multicast group; 

10 in response to receiving the second multicast group exchange key, each remaining 

1 1 member computing a third secret key based on the second multicast group 

12 exchange key and the second shared secret key; and 

13 establishing a third multicast group whose members include only remaining members of 

14 the second multicast group, wherein the third shared secret key provides a second 

15 secure channel for communicating between members of the third multicast group 

1 6 over the insecure network. 

1 27. (Previously presented) The network device as recited in Claim 19, wherein the step of 

2 establishing a second multicast group requires a total of approximately N+l messages for 

3 providing the first secure channel for communicating between members of the second 

4 multicast group over the insecure network, wherein N is a number of members of the first 

5 multicast group. 
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1 28. (Currently Amended) A network device configured for communicating through a secure 

2 channel between members of a dynamically changing multicast group connected over an 

3 insecure network, comprising: 

4 means for computing a first shared secret key for establishing a first multicast group that 

5 includes a set of one or more first members; 

6 means for generating a first multicast group exchange key based on the first shared secret 

7 key; 

8 means for receiving a first user exchange key from a first user requesting entry into the 

9 first multicast group; 

10 means for computing a second secret key kl based on the first user exchange key and the 

1 1 first shared secret ke y according to the relation kl = (Y' k mod (n)\ wherein Y ? 

12 represents the first user exchange key, k represents the first shared secret key, and 

13 n is a prime number selected by the members of the multicast group and 

14 previously used to generate the first shared secret key k ; 

15 means for sending the first multicast group exchange key to the first user, wherein the 

16 first multicast group exchange key allows the first user to generate the second 

1 7 shared secret key; and 

1 8 means for establishing a second multicast group whose members include the first user 

19 and the set of one or more first members of the first multicast group, wherein the 

20 second shared secret key provides a first secure channel for communicating 

21 between members of the second multicast group over the insecure network. 

1 29. (Currently Amended) A method for generating a shared secret key for use by a first 

2 member, a second member, and a third member who joins the first member and the 

3 second member for secure communication as a multicast group over an insecure network, 

4 the method comprising the computer-implemented steps of: 

5 generating a first multicast group exchange key K' based on a first shared secret key "k" 

6 that is used by a first multicast group that includes the first member and the 

7 second member, wherein k = (g x mod (n)), "x" is a private non-zero random 

8 integer, "g" is a public non-zero integer, and "n" is a pre-determined public prime 

9 integer, and wherein K' = (g k mod (n)); 



12 

Docket No. 50325-0127 (2380) 



Application of Srinath GUNDAVELLI, et al, Ser. No. 09/608,831, Filed June 30, 2000 

Reply to Office Action 



10 receiving a first user exchange key from the third member as part of a request by the third 

1 1 member to enter the first multicast group; 

12 sending the first multicast group exchange key to the first member, wherein the first 

13 multicast group exchange key allows the first member to generate a second secret 

14 key kl based on the first user exchange key and the first shared secret key 

15 according to the relation kl = (Y ?k mod (n)\ wherein Y* represents the first user 

16 exchange key, k represents the first shared secret key, and n is a prime number 

17 selected by the members of the multicast group and previously used to generate 

18 the first shared secret key k ; and 

19 establishing secure communication in a second multicast group whose members include 

20 the first member, the second member and the third member, and based on the 

21 second shared secret key. 

1 30. (Currently Amended) The method as recited in Claim 29, wherein 

2 the step of receiving a first user exchange key includes the step of receiving a first user 

3 exchange key value Y' computed according to the relation 

4 Y* = (g y mod (n)), 

5 wherein "y" is a private non-zero random integer selected by the first member- 

6 aad 

7 the step of computing a second secret key includes the st e p computing the s e cond secret 

8 key "kl" according to th e r e lation 

9 kl - (Y , k mod (n)) . 

1 31. (Original) The method as recited in Claim 29, wherein the step of sending the first 

2 multicast group exchange key to the first member further comprises the first member 

3 computing the second secret key "kl" according to the relation 

4 kl = (K ,y mod (n)). 

1 32. (Original) The method as recited in Claim 29, wherein the step of receiving a first user 

2 exchange key from a first member comprises the step of providing the first user with the 

3 first multicast exchange key only after verifying that the first user is allowed to enter the 

4 first multicast group. 
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1 33. (Original) The method as recited in Claim 29, further comprising the steps of: 

2 determining that a first departing member has left the second multicast group; 

3 selecting a private multicast group non-zero random integer; 

4 generating a second multicast group exchange key based on the private multicast group 

5 non-zero random integer, the public non-zero integer "g" and the public prime 

6 integer "n"; 

7 broadcasting the second multicast group exchange key to each remaining member of the 

8 second multicast group; 

9 in response to receiving the second multicast group exchange key, each remaining 

10 member computing a third secret key based on the second multicast group 

1 1 exchange key and the second shared secret key; and 

12 establishing a third multicast group whose members include only remaining members of 

13 the second multicast group, wherein the third shared secret key provides a second 

14 secure channel for communicating between members of the third multicast group 

1 5 over the insecure network. 

1 34. (Currently Amended) The method as recited in Claim 1, wherein: 

2 the first user exchange key is received by a particular first member of the set of one or 

3 more first members; 

4 further comprising the step of the particular first member sending the first user exchange 

5 key to the other first members of the set of one or more first members; and 

6 wherein each first member of the set of one or more first members computes the second 

7 secret key kl based on the first user exchange key and the first shared secret key 

8 according to the relation kl = (Y' k mod (nVh wherein Y ? represents the first user 

9 exchange key, k represents the first shared secret key, and n is a prime number 

10 selected by the members of the multicast group and previously used to generate 

11 the first shared secret key k . 

1 35. (Currently Amended) The method as recited in Claim 1, wherein: 

2 the first user exchange key is received by a particular first member of the set of one or 

3 more first members; 
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4 the other first members of the set of one or more first members receive the first user 

5 exchange key from the first user; and 

6 each first member of the set of one or more first members computes the second secret key 

7 kl based on the first user exchange key and the first shared secret ke y according 

8 to the relation kl = (T' k mod (n)). wherein Y' represents the first user exchange 

9 key, k represents the first shared secret key, and n is a prime number selected by 

10 the members of the multicast group and previously used to generate the first 

11 shared secret key k . 

1 36. (Previously presented) The method as recited in Claim 1, wherein: 

2 the set of one or more first members is a set of one or more first workstations; and 

3 the first user is a second workstation. 

1 37. (Currently Amended) The computer-readable medium as recited in Claim 10, wherein: 

2 the first user exchange key is received by a particular first member of the set of one or 

3 more first members; 

4 further comprising instructions for performing the step of the particular first member 

5 sending the first user exchange key to the other first members of the set of one or 

6 more first members; and 

7 wherein each first member of the set of one or more first members computes the second 

8 secret key kl based on the first user exchange key and the first shared secret key 

9 according to the relation kl = (Y ?k mod (n)\ wherein Y' represents the first user 

10 exchange key, k represents the first shared secret key, and n is a prime number 

11 selected by the members of the multicast group and previously used to generate 

12 the first shared secret key k . 

1 38. (Currently Amended) The computer-readable medium as recited in Claim 10, wherein: 

2 the first user exchange key is received by a particular first member of the set of one or 

3 more first members; 

4 the other first members of the set of one or more first members receive the first user 

5 exchange key from the first user; and 
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6 each first member of the set of one or more first members computes the second secret key 

7 kl based on the first user exchange key and the first shared secret ke y according 

8 to the relation kl = (Y' k mod (n)\ wherein Y' represents the first user exchange 

9 key, k represents the first shared secret key, and n is a prime number selected by 

10 the members of the multicast group and previously used to generate the first 

11 shared secret key k . 

1 39. (Previously presented) The computer-readable medium as recited in Claim 10, wherein: 

2 the set of one or more first members is a set of one or more first workstations; and 

3 the first user is a second workstation. 

1 40. (Currently Amended) The network device as recited in Claim 19, wherein: 

2 the first user exchange key is received by a particular first member of the set of one or 

3 more first members; 

4 the computer-readable medium further comprises instructions for performing the step of 

5 the particular first member sending the first user exchange key to the other first 

6 members of the set of one or more first members; and 

7 wherein each first member of the set of one or more first members computes the second 

8 secret key kl based on the first user exchange key and the first shared secret key 

9 according to the relation kl = (Y' k mod (n)\ wherein Y ? represents the first user 

10 exchange key, k represents the first shared secret key, and n is a prime number 

11 selected by the members of the multicast group and previously used to generate 

12 the first shared secret key k . 

1 41 . (Currently Amended) The network device as recited in Claim 19, wherein: 

2 the first user exchange key is received by a particular first member of the set of one or 

3 more first members; 

4 the other first members of the set of one or more first members receive the first user 

5 exchange key from the first user; and 
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6 each first member of the set of one or more first members computes the second secret key 

7 kl based on the first user exchange key and the first shared secret ke y according 

8 to the relation kl = (Y' k mod (nV), wherein Y' represents the first user exchange 

9 key, k represents the first shared secret key, and n is a prime number selected by 

10 the members of the multicast group and previously used to generate the first 

11 shared secret key k . 

1 42. (Previously presented) The network device as recited in Claim 19, wherein: 

2 the set of one or more first members is a set of one or more first workstations; and 

3 the first user is a second workstation. 

1 43. (Previously presented) The network device as recited in Claim 28, wherein the means for 

2 computing a first shared secret key includes: 

3 means for selecting a private non-zero random integer "x"; 

4 means for selecting a public non-zero integer "g"; 

5 means for selecting a public prime integer "n"; and 

6 means for computing the first shared secret key "k" according to the relation 

7 k - (g x mod (n)). 

1 44. (Previously presented) The network device as recited in Claim 43, wherein the means for 

2 generating a first multicast group exchange key includes means for computing the first 

3 multicast group exchange key K' according to the relation 

4 K' = (g k mod(n)). 

1 45. (Currently Amended) The network device as recited in Claim 43, wherein 

2 the means for receiving a first user exchange key includes means for receiving a first user 

3 exchange key value Y' computed according to the relation 

4 Y'-(g y mod(n)), 

5 wherein "y" is a private non-zero random integer selected by the first use r; and 

6 th e m e ans for computing a second secr e t k e y includ e s means for computing th e 

7 s e cond se cr e t key "kl" according to th e r e lation 

8 kl -(Y ?k m o d (n)). 
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1 46. (Previously presented) The network device as recited in Claim 43, wherein the means for 

2 sending the first multicast group exchange key to the first user further comprises means 

3 for the first user computing the second secret key "kl" according to the relation 

4 kl=(K ,y mod(n)), 

5 wherein "y" is a private non-zero random integer selected by the first user; and 

6 wherein K' is the first multicast group exchange key. 

1 47. (Previously presented) The network device as recited in Claim 28, wherein: 

2 the means for receiving a first user exchange key from a first user comprises means for 

3 verifying that the first user should be allowed entry into the first multicast group; 

4 and 

5 means for providing the first user with the first multicast exchange key only after the first 

6 user is verified for entry into the first multicast group. 

1 48. (Previously presented) The network device as recited in Claim 28, further comprising: 

2 means for generating a second multicast group exchange key based on the second shared 

3 secret key; 

4 means for receiving a second user exchange key from a second user requesting entry into 

5 the second multicast group; 

6 means for computing a third secret key based on the second user exchange key and the 

7 second shared secret key; 

8 means for sending the second multicast group exchange key to the second user, wherein 

9 the second multicast group exchange key allows the second user to generate the 

10 third shared secret key; and 

1 1 means for establishing a third multicast group whose members include the second user 

12 and the members of the second multicast group, wherein the third shared secret 

13 key provides a second secure channel for communicating between members of the 

14 third multicast group over the insecure network, 

1 49. (Previously presented) The network device as recited in Claim 43, further comprising: 

2 means for determining that a first departing member has left the second multicast group; 
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3 means for selecting a private multicast group non-zero random integer; 

4 means for generating a second multicast group exchange key based on the private 

5 multicast group non-zero random integer, the public non-zero integer "g" and the 

6 public prime integer "n"; 

7 means for broadcasting the second multicast group exchange key to each remaining 

8 member of the second multicast group; 

9 means for, in response to receiving the second multicast group exchange key, each 

10 remaining member computing a third secret key based on the second multicast 

1 1 group exchange key and the second shared secret key; and 

12 means for establishing a third multicast group whose members include only remaining 

13 members of the second multicast group, wherein the third shared secret key 

14 provides a second secure channel for communicating between members of the 

15 third multicast group over the insecure network. 

1 50. (Previously presented) The network device as recited in Claim 28, wherein the means for 

2 establishing a second multicast group requires a total of approximately N+l messages for 

3 providing the first secure channel for communicating between members of the second 

4 multicast group over the insecure network, wherein N is a number of members of the first 

5 multicast group. 

1 51. (Currently Amended) The network device as recited in Claim 28, wherein: 

2 the first user exchange key is received by a particular first member of the set of one or 

3 more first members; 

4 further comprising means for the particular first member sending the first user exchange 

5 key to the other first members of the set of one or more first members; and 

6 wherein each first member of the set of one or more first members computes the second 

7 secret key kl based on the first user exchange key and the first shared secret key 

8 according to the relation kl = (T ,k mod (n)\ wherein Y' represents the first user 

9 exchange key, k represents the first shared secret key, and n is a prime number 

10 selected by the members of the multicast group and previously used to generate 

11 the first shared secret key k . 
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1 52. (Currently Amended) The network device as recited in Claim 28, wherein: 

2 the first user exchange key is received by a particular first member of the set of one or 

3 more first members; 

4 the other first members of the set of one or more first members receive the first user 

5 exchange key from the first user; and 

6 each first member of the set of one or more first members computes the second secret key 

7 kl based on the first user exchange key and the first shared secret ke y according 

8 to the relation kl = (T ,k mod (r0), wherein Y ? represents the first user exchange 

9 key, k represents the first shared secret key, and n is a prime number selected by 

10 the members of the multicast group and previously used to generate the first 

11 shared secret key k . 

1 53. (Previously presented) The network device as recited in Claim 28, wherein: 

2 the set of one or more first members is a set of one or more first workstations; and 

3 the first user is a second workstation. 
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